<?
##########################################################################
#		DOCUMENTATION
##########################################################################
# Class that extends the core class. This module will provide the methods
# needed by the site to access users' informations. In this context authors
# and users are threated together.
#
# © LiberLab group, 2011
##########################################################################

require_once("core.php");

class User extends Core{
	public function __construct() {
		parent::__construct();
	}
	# function to insert a new user in the database
	public function userInsert($nickname, $password, $email, $authorId = NULL, $authorName = NULL, $authorSurname = NULL){
		$database = self::$database;
		return $database->execSecure("call userInsert(:nickname, :password, :email, :authorId, :authorName, :authorSurname, @o);", 
		array(":nickname" => $nickname, ":password" => $password, ":email" => $email, ":authorId" => $authorId,
		":authorName" => $authorName, ":authorSurname" => $authorSurname));
	}
	# function to edit the infos of a user in the database
	public function userEdit($nicknameOld, $passwordOld, $passwordNew = NULL, $nicknameNew = NULL, $email = NULL, $authorId = NULL, $authorName = NULL, $authorSurname = NULL){
		$database = self::$database;
		return $database->execSecure("call userEdit(:nicknameOld, :nicknameNew, :passwordOld, :passwordNew, :email, :authorId, :authorName, :authorSurname, @o);", 
		array(":nicknameOld" => $nicknameOld, ":nicknameNew" => $nicknameNew, ":passwordOld" => $passwordOld, ":passwordNew" => $passwordNew,
		 ":email" => $email, ":authorId" => $authorId, ":authorName" => $authorName, ":authorSurname" => $authorSurname));
	}
	# function to insert a new author
	public function authorInsert($userId, $authorName,  $authorSurname, $authorId = NULL, $bookId = NULL){
		$database = self::$database;
		return $database->execSecure("call authorInsert(:userId, :bookId, :authorId, :authorName, :authorSurname, @o);", 
		array(":userId" => $userId, ":authorName" => $authorName, ":authorSurname" => $authorSurname, ":authorId" => $authorId, 
			  ":bookId" => $bookId));
	}
	
	public function encryptPassword($password){
		# encrypt the password given. We have choosen this way because you can't decript a password
		# stored with this system
		$database = self::$database;
		$query = "SELECT PASSWORD(:password) as password";
		$stpdo = $database->getStpdo($query); 
		$stpdo->bindParam(':password', $password, PDO::PARAM_STR); 
		$stpdo->bindColumn(1, $password);
		$stpdo->execute(); 
		$row = $stpdo->fetch(PDO::FETCH_OBJ);
		if ($row){
			return $row->password;
		}else{
			return False;
		}
	}
	
	public function login($nickname, $password, $encrypted = false){
		# login function
		$database = self::$database;
		$query = "SELECT password FROM users WHERE nickname=:nickname";
		if ($encrypted){
			$query = $query . " AND password=:password";
		}else{
			$query = $query . " AND password=PASSWORD(:password)";
		}
		$stpdo = $database->getStpdo($query);
		$stpdo->bindParam(':nickname', $nickname, PDO::PARAM_STR); 
		$stpdo->bindParam(':password', $password, PDO::PARAM_STR); 
		$stpdo->bindColumn(1, $password);
		$stpdo->execute(); 
		$row = $stpdo->fetch(PDO::FETCH_OBJ);
		if ($row){
			return $row->password;
		}else{
			return False;
		}
	}
	
	public function getUserId($nickname, $authorId = false){
		# it checks if an user exists and return his ID
		$database = self::$database;
		$query = "SELECT id FROM users WHERE nickname=:nickname";
		# get also authorId?
		if ($authorId){
			$query = str_replace("id", "id, authorId", $query);
		}
		$stpdo = $database->getStpdo($query);
		$stpdo->bindParam(':nickname', $nickname, PDO::PARAM_STR); 
		$stpdo->bindColumn(1, $id);
		if ($authorId){
			$stpdo->bindColumn(1, $authorId);
		}
		$stpdo->execute(); 
		$row = $stpdo->fetch(PDO::FETCH_OBJ);
		if ($row){
			return $row;
		}else{
			return False;
		}
	}
	
	public function getUserData($nickname, $password = NULL){
		# returns user's data
		# the password must be already encrypted
		$database = self::$database;
		# login AND get user data
		if ($this->getUserId($nickname, true)->authorId){
			$query = "SELECT * FROM (SELECT * FROM users WHERE nickname= :nickname AND password = :password) u JOIN authors a WHERE a.id = u.authorId;";
		}else{
			# already logged: get only userdata
			$query = "SELECT * FROM users WHERE nickname= :nickname AND password = :password";
		}
		if (!$password){
			$query = str_replace(" AND password = :password", "", $query);
		}
		$stpdo = $database->getStpdo($query);
		$stpdo->bindParam(':nickname', $nickname, PDO::PARAM_STR); 
		if ($password){
			$stpdo->bindParam(':password', $password, PDO::PARAM_STR); 
		}
		$stpdo->execute(); 
		$row = $stpdo->fetch(PDO::FETCH_OBJ);
		if (!isset($row->name)){
			$row->name = ""; $row->surname = "";
		}
		# don't return the id or the password (useless)
		unset($row->id); unset($row->password);
		if ($row){
			return $row;
		}else{
			return False;
		}
	}
	

	public function __destruct() {
		parent::__destruct();
	}
};

?>
